Tomcat access log shows a 403 request, but RequestDumperFilter doesn't show the details of this 403 request
On Tomcat 9.0.31, I just configured AccessLogValve to log all requests in Tomcat:
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
I also configured RequestDumperFilter in tomcat/conf/web.xml and logging.properties, as described in the official documentation:
<filter>
<filter-name>rootrequestdumper</filter-name>
<filter-class>
org.apache.catalina.filters.RequestDumperFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>rootrequestdumper</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
handlers = 1request-dumper.org.apache.juli.FileHandler,1catalina.org.apache.juli.AsyncFileHandler,
1request-dumper.org.apache.juli.FileHandler.level = INFO
1request-dumper.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
1request-dumper.org.apache.juli.FileHandler.prefix = request-dumper.
1request-dumper.org.apache.juli.FileHandler.encoding = UTF-8
1request-dumper.org.apache.juli.FileHandler.formatter = org.apache.juli.VerbatimFormatter
org.apache.catalina.filters.RequestDumperFilter.level = INFO
org.apache.catalina.filters.RequestDumperFilter.handlers = \
1request-dumper.org.apache.juli.FileHandler
In the request-dumper log file I can see all requests together with their return codes, such as 404 and 200. Except 403!!!
For example, in localhost_access_log.2021-06-21.txt:
10.240.220.201 - - [21/Jun/2021:03:41:48 +0000] "POST /test/api/case/test201 HTTP/1.1" 403 716
10.240.221.201 - - [21/Jun/2021:03:41:53 +0000] "-" 400 -
10.240.221.175 - - [21/Jun/2021:03:41:56 +0000] "-" 400 -
10.240.221.201 - - [21/Jun/2021:03:42:43 +0000] "-" 400 -
10.240.221.175 - - [21/Jun/2021:03:42:46 +0000] "-" 400 -
10.240.221.175 - - [21/Jun/2021:03:37:06 +0000] "-" 400 -
10.240.221.201 - - [21/Jun/2021:03:37:10 +0000] "GET /actuator/health HTTP/1.1" 404 728
But in the RequestDumperFilter log file there is only the 404 request and response:
https-jsse-nio-16748-exec-10 START TIME =21-Jun-2021 03:37:10
https-jsse-nio-16748-exec-10 requestURI=/actuator/health
https-jsse-nio-16748-exec-10 authType=null
https-jsse-nio-16748-exec-10 characterEncoding=null
https-jsse-nio-16748-exec-10 contentLength=-1
https-jsse-nio-16748-exec-10 contentType=null
https-jsse-nio-16748-exec-10 contextPath=
https-jsse-nio-16748-exec-10 header=host=XXXX
https-jsse-nio-16748-exec-10 header=accept=*/*
https-jsse-nio-16748-exec-10 header=accept-encoding=gzip
https-jsse-nio-16748-exec-10 header=user-agent=Mozilla/5.0 zgrab/0.x
https-jsse-nio-16748-exec-10 header=x-forwarded-port=443
https-jsse-nio-16748-exec-10 header=x-forwarded-proto=https
https-jsse-nio-16748-exec-10 header=connection=keep-alive
https-jsse-nio-16748-exec-10 locale=en_US
https-jsse-nio-16748-exec-10 method=GET
https-jsse-nio-16748-exec-10 pathInfo=null
https-jsse-nio-16748-exec-10 protocol=HTTP/1.1
https-jsse-nio-16748-exec-10 queryString=null
https-jsse-nio-16748-exec-10 remoteAddr=
https-jsse-nio-16748-exec-10 remoteHost=
https-jsse-nio-16748-exec-10 remoteUser=null
https-jsse-nio-16748-exec-10 requestedSessionId=null
https-jsse-nio-16748-exec-10 scheme=https
https-jsse-nio-16748-exec-10 serverName=
https-jsse-nio-16748-exec-10 serverPort=443
https-jsse-nio-16748-exec-10 servletPath=/actuator/health
https-jsse-nio-16748-exec-10 isSecure=true
https-jsse-nio-16748-exec-10 ------------------=--------------------------------------------
https-jsse-nio-16748-exec-10 ------------------=--------------------------------------------
https-jsse-nio-16748-exec-10 authType=null
https-jsse-nio-16748-exec-10 contentType=null
https-jsse-nio-16748-exec-10 header=Cache-Control=no-store, no-cache, must-revalidate, max-age=0
https-jsse-nio-16748-exec-10 header=Pragma=no-cache
https-jsse-nio-16748-exec-10 header=X-XSS-Protection=1; mode=block
https-jsse-nio-16748-exec-10 header=X-Content-Type-Options=nosniff
......
https-jsse-nio-16748-exec-10 remoteUser=null
https-jsse-nio-16748-exec-10 status=404
https-jsse-nio-16748-exec-10 END TIME =21-Jun-2021 03:37:10
https-jsse-nio-16748-exec-10 ===============================================================
Does anyone know about this problem?
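Some requests never reach your application.
A request must pass through each Valve before being passed to the FilterChain. After the FilterChain's doFilter method has executed, control returns to the valves in reverse order. The order of the valves might look like this:
1. StandardEngineValve - selects the host,
2. AccessLogValve - logs the request (on the return path),
3. ErrorReportValve - writes the error message,
4. StandardHostValve - selects the application,
5. BasicAuthenticator - authenticates the user if needed,
6. StandardContextValve - selects the servlet,
7. StandardWrapperValve - calls the FilterChain.
Some errors never reach 7:
- A 400 Bad Request (e.g. the URL contains forbidden characters) never goes beyond 4.
- If authentication is required but fails (401 Unauthorized and 403 Forbidden), the request stops at 5 and returns to 4. If you defined some custom <error-page>s, StandardHostValve forwards the request to the application again and it can be caught by filters; otherwise control passes to 3.
To answer your specific case: in the web.xml descriptor
- add a custom handler for 403 errors,
- add a new <filter-mapping> that is executed when the DispatcherType of the request is ERROR.
For example, you can add something like this: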
<filter-mapping>
<filter-name>rootrequestdumper</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<error-page>
<error-code>403</error-code>
<location>/WEB-INF/403.jsp</location>
</error-page>
<error-page>
<error-code>401</error-code>
<location>/WEB-INF/401.jsp</location>
</error-page>
and create two JSP pages for the errors, /WEB-INF/401.jsp and /WEB-INF/403.jsp.
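To check which requests were answered by a Valve before the FilterChain, both logs can be compared offline. The script below is an added example, not part of the original question or answer; it reads abridged sample lines copied from the two logs above and assumes both logs use the same time zone and that an access-log timestamp agrees with the dumper block's END TIME to within two seconds.

```python
import re
from datetime import datetime, timedelta

# Sample lines copied (abridged) from the two logs quoted on this page.
ACCESS_LOG = '''\
10.240.220.201 - - [21/Jun/2021:03:41:48 +0000] "POST /test/api/case/test201 HTTP/1.1" 403 716
10.240.221.201 - - [21/Jun/2021:03:41:53 +0000] "-" 400 -
10.240.221.201 - - [21/Jun/2021:03:37:10 +0000] "GET /actuator/health HTTP/1.1" 404 728
'''
DUMPER_LOG = '''\
https-jsse-nio-16748-exec-10 START TIME =21-Jun-2021 03:37:10
https-jsse-nio-16748-exec-10 requestURI=/actuator/health
https-jsse-nio-16748-exec-10 method=GET
https-jsse-nio-16748-exec-10 status=404
https-jsse-nio-16748-exec-10 END TIME =21-Jun-2021 03:37:10
'''
ACCESS_RE = re.compile(r'^\S+ \S+ \S+ \[([^\]\n]+)\] "([^"\n]*)" (\d{3}) \S+$', re.M)
DUMP_RE = re.compile(r'^(\S+)[ \t]+(.*?)[ \t]*=(.*)$', re.M)  # thread, key, value
TOLERANCE = timedelta(seconds=2)  # assumption: how closely the two timestamps agree

def parse_access(text):
    """Yield (method, uri, status, time, line); "%r" is "-" when no request line was parsed."""
    for m in ACCESS_RE.finditer(text):
        parts = m.group(2).split()
        method, uri = (parts[0], parts[1].split("?")[0]) if len(parts) == 3 else (None, None)
        when = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
        yield method, uri, m.group(3), when, m.group(0)

def parse_dumper(text):
    """Return one dict per completed RequestDumperFilter block; blocks are tracked per thread."""
    open_blocks, done = {}, []
    for thread, key, value in DUMP_RE.findall(text):
        block = open_blocks.setdefault(thread, {})
        block[key] = value.strip()
        if key == "END TIME":
            block["when"] = datetime.strptime(block[key], "%d-%b-%Y %H:%M:%S")
            done.append(open_blocks.pop(thread))
    return done

def never_reached_filters(access_text, dumper_text):
    """Access-log lines with no matching dumper block, i.e. answered before the FilterChain."""
    blocks, missed = parse_dumper(dumper_text), []
    for method, uri, status, when, line in parse_access(access_text):
        hit = next((b for b in blocks if abs(b["when"] - when) <= TOLERANCE and
                    (b.get("method"), b.get("requestURI"), b.get("status")) == (method, uri, status)), None)
        if hit is None:
            missed.append(line)
        else:
            blocks.remove(hit)  # one dumper block accounts for one access-log line
    return missed
```

On the sample data the 403 and 400 lines are reported and the 404 line is not; after the ERROR dispatcher mapping and error pages are added, the 403 line should no longer be reported.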